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In the Claims 

Applicant has submitted a new complete claim set showing the claims as currently 
presented. 

1 . (Currently amended) A data management method for managing access to a 
plurality of volumes of a storage system by at least two devices coupled to the storage system 
through a network, the method comprising steps of: 

[[receiving, over the network at the storage system, encryption information provided by 
at least one of the at least two devices; 

transferring an expected access key between the storage system and the at least one of the 
at least two devices, the expected access key encrypted using the encryption information;]] 

receiving over the network at the storage system a request from one of the at least two 
devices for access to at least one of the plurality of volumes of the storage system, the request 
identifying the at least one of the plurality of volumes in the storage system and a represented 
source of the request [[, and including a request access key]]; and 

selectively servicing the request , at the storage system, [[the request responsive to]] based 
at least in part on steps of: 

determining, from configuration dat a, whether the [[indicating that the one of the 

at least two devices]] represented source is authorized to access the at least one of the 

plurality of volumes [[, wherein the step of selectively servicing comprises a step of]]; 

and 

verifying that the represented soxirce of the request is the one of the at least two 
devices that issued the request [[based, at least in part, on a comparison between the 
request access key and the expected access key]]. 

2. (Previously presented) The data management method according to claim 1, 
wherein the configuration data is stored in the storage system in a configuration table comprising 
a plurality of records, each of the records including an identifier and information indicating 
which of the volumes of data are available to a device associated v^th the corresponding 
identifier, and wherein the step of selectively servicing further includes steps of: 
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receiving the request at the storage system issued by the one of the at least two devices, 
the request including a source identifier identifying the one of at the at least two devices that 
initiated the request and an address to one of the volumes of the plurality of volumes in the 
storage system; and 

determining whether to service the request responsive at least to a portion of the 
configxiration data associated with the source identifier and the address of the one of the 
volumes. 

3. (Previously presented) The data management method according to claim 1, the 
method including a step of: 

forwarding the request from the one of the at least two devices to the storage system over 
the network. 

4. (Original) The data management method according to claim 3, wherein the step 
of forwarding includes forwarding the request using a Fibre Channel protocol. 

5. (Canceled) 

6. (Currently amended) The data management method according to claim [[2]] 33, 
wherein the act of verifying includes an act of verifying that the represented source of the request 
is the one of the at least two devices that issued the request based, at least in part, on a 
comparison between the request access key and the expected access key [[expected access key 
includes access information generated at the storage system independent of information provided 
in the source identifier identifying the respective one of the at least two devices, and wherein the 
step of receiving encryption information provided by each of the at least two devices is 
performed before the step of receiving the request]]. 

7. (Previously presented) The data management method according to claim 6, 
wherein the request access key is encrypted using a key associated with the one of the at least 
two devices that issued the request. 
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8. (Previously presented) The data management method according to claim 7, 
wherein the step of verifying further comprises a step of: 

decrypting the request access key at the storage system using a decryption key associated 
with and initially provided by the one of the at least two devices identified in the request. 

9. (Original) The data management method according to claim 1, wherein the one of 
the at least two devices is a host processor, and wherein the step of forwarding includes the step 
of forwarding the request from the host processor to the storage system. 

10. (Original) The data management method according to claim 1, wherein at least 
one of the at least two devices is a file server and wherein the step of forwarding includes the 
step of forwarding the request from the file server to the storage system. 

1 1 . (Original) The data management method according to claim 1, wherein the 
storage system includes a plurality of disk drives, and wherein the step of selectively servicing 
includes the step of forwarding the request to one of the plurality of disk drives. 

12. (Original) The data management method according to claim 1, further comprising 
a step of: 

validating the request from the one of the at least two devices at the storage system to 
verify that the request was not altered during transit. 

13. (Original) The data management method according to claim 2, wherein the 
configuration table comprises a plurality of records arranged in an array including a plurality of 
rows corresponding to a number of volumes of data available at the storage system and a 
plurality of columns corresponding to a number of ports available at the storage system, and 
wherein each of the records includes a bitmap having a bit corresponding to each device 
authorized to access each of the corresponding ports, and wherein the step of determining 
whether to service the request comprises steps of: 

indexing the configuration database using the address provided in the request to identify 
an indexed record; and 
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comparing the bitmap of the indexed record with the source identifier to determine 
whether a bit of the bitmap associated with the source identifier indicates that the one of the at 
least two devices associated with the source identifier has access to the volume of the storage 
system associated with the indexed record. 

14. (Original) The data management method according to claim 1, wherein the step 
of selectively servicing further comprises steps of: 

servicing a first request issued by a first one of the at least two devices for access to a 
first portion of data in the storage system responsive to configxiration data associated with the 
first one of the at least two devices and an address of the first portion of data specified the first 
request; and 

precluding a second request issued by a second one of the at least two devices for access 
to the first portion of data in the storage system from being serviced responsive to configuration 
data associated v^th the second one of the at least two devices and the address of the first portion 
of data specified in the second request. 

15. (Currently amended) A computer readable medium comprising: 

a first data structure to manage accesses by a plurality of devices to volumes of data at a 
storage system over a communication network, the storage system managing access responsive 
to requests that each identifies one of the plurality of volumes of the storage system to be 
accessed and one of the plurality of devices that is represented as having issued the request, the 
first data structure comprising a plurality of records corresponding to the plurality of devices, the 
plurality of records comprising at least one record corresponding to one of the plurality of 
devices and including configuration information having at least one identifier that identifies 
which of the volumes of the storage system the one of the plurality of devices is authorized to 
access, and authentication information that can be [[an access key previously transferred between 
at least one of the plurality of devices and the storage system, the access key encrypted wdth 
encryption information initially provided by the at least one of the plurality of devices, the access 
key being]] used by the storage system to determine whether the one of the plurality of devices 
that issued the request is the corresponding one of the plurality of devices. 



Serial No. 09/107,618 -6- Art Unit: 2152 

Conf.No, 8313 

16. (Original) The computer readable medium according to claim 15, in combination 
with the storage system, wherein the computer readable medium is a memory of the storage 
system. 

17. (Previously presented) The combination according to claim 16, in further 
combination with the plurality of devices and the communication network, wherein the storage 
system and the plurality of devices are coupled to communicate over the communication 
network. 

18. (Original) The combination of claim 17, wherein the storage system and the 
plurality of devices communicate according to a Fibre Channel network protocol. 

19. (Original) The combination according to claim 16, wherein the storage system 
further comprises: 

a second data structure comprising a plurality of records that form a copy of a subset of 
the plurality of records in the first data structure, wherein the subset of the plurality of records in 
the second data structure is associated v^th a subset of the plurality of devices that are logged 
into the storage system. 

20. (Original) The combination according to claim 19, wherein the second data 
structure further comprises: 

an array of records having a plurality of columns corresponding to the volumes of data at 
the storage system and a plurality of rows corresponding to a plurality of ports of the storage 
system, each record in the array including at least one bit corresponding to each of the plurality 
of devices. 

21. (Currently amended) A storage system comprising: 

at least one storage device apportioned into a plurality of volumes; 

a configuration table to store configuration data identifying which of a plurality of 
devices coupled to the storage system via a network are authorized to access which of the 
plurality of volumes [[and to store an expected access key for at least one of the plurality of 
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devices, the expected access key transferred between the at least one of the plurality of devices 
and the storage system and encrypted for the transfer using encryption information initially 
provided by the at least one of the plurality of devices]]; and 

a filter, responsive to the configuration data, to selectively forward to the at least one 
storage device requests for access to the plurality of volumes received fi'om the plurality of 
devices over the network, wherein each request identifies at least one of the plurality of devices 
that is represented to the storage system as having issued the request [[and a request access key]], 
and wherein the filter is adapted to verify [[, based at least in part on a comparison between the 
request access key and the expected access key,]] that the at least one of the plurality of devices 
identified in the request is the device that issued the request. 

22. (Original) The storage system according to claim 21 , wherein the filter forwards 
a request to a volume for servicing by the storage system responsive to the configuration data 
indicating that the one of the plurality of devices that issued the request is authorized to access 
the volume. 

23. (Original) The storage system according to claim 21, wherein the filter precludes 
a request to a volume from being serviced by the storage system responsive to the configuration 
data indicating that the one of the plurality of devices that issued the request is not authorized to 
access the volume. 

24. (Previously presented) The storage system according to claim 21, wherein the 
configuration table comprises a number of records, each record including an identifier and a 
map, the map indicating which volumes of the storage system are capable of being accessed by a 
device associated with the identifier, wherein each request received at the filter includes a source 
identifier identifying the one of the plurality of devices that issued the request and an address to 
one of the plurality of volumes, and wherein the filter further comprises: 

a comparator to compare each request against the information in a selected record in the 
configuration table associated with the request to determine whether the one of the plurality of 
devices that issued the request is authorized to access the volume. 
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25. (Original) The storage system according to claim 24, wherein an identifier in the 
selected record corresponds to the source identifier of the request. 

26. (Previously presented) The storage system according to claim 21 , in combination 
with the plurality of devices and wherein the network couples the storage system to the plurality 
of devices. 

27. (Original) The combination of claim 26, wherein the storage system and the 
plurality of devices communicate over the network using a Fibre Channel network protocol. 

28. (Canceled) 

29. (Original) The storage system according to claim 21 , fiirther comprising: 
means for validating a request received at the storage system to verify that the request 

was not altered in transit. 

30. (Original) The storage system according to claim 21, wherein the at least one 
storage device includes a plurality of disk drives. 

3 1 . (Original) The combination according to claim 26, wherein at least one of the 
plurality of devices is a host processor. 

32. (Original) The combination according to claim 26, wherein one of the plurality of 
devices is a file server. 

33. (New) The data management method of claim 1 , further comprising an act of 
transferring an expected access key between the storage system and the at least one of the at least 
two devices, and wherein the act receiving the request includes an act of receiving a request from 
one of the at least two devices for access to at least one of the plurality of volumes, the request 
including a request access key, and wherein the act of verifying includes an act of comparing the 
request access key and the expected access key. 
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34. (New) The data management method of claim 6, further comprising an act of 
transferring encryption information between the storage system and the at least one of the at least 
two devices, and wherein the expected access key and/or the request access key are encrypted 
using the encryption information. 



